"I, For One, Welcome Our New Robot Permissions Overlords"

Sascha Cohen / Jon Johnson / Stefan Topfstedt
Proctor

When crafting access models for content management applications, two interconnected standard models come into play: role assignment and permission assignment. Typically, a modern application defines customized roles ("admin", "approver"), which are in turn fine-tuned by the inclusion or exclusion of specific permitted actions ("can update forms", "can delete users"). Managers then explicitly assign these roles to users of the application, granting each user access in proportion to their needs.

This model is hampered by a few key issues. First, roles must be explicitly assigned and determined by a third party. Next, those roles may not be flexible enough to control or constrain exceptional use cases such as limited-time engagements, heightened privilege for a specific purpose, or rapidly shifting organizational roles for a user. Still, it continues to be the primary model in use, in large part because it mostly works.

In education and curriculum management, we face some particularly thorny versions of the issues noted above, which complicate the ability to easily provide appropriate access to curricular content within our management platforms: short-term or even one-time instructors; teaching assistants, peer mentors, and small-group discussion leads; work-study students; and more. In these cases, it can be challenging to provide a simple and manageable permissions control environment without either a significant compromise in the levels of access granted, or a significant resource commitment to oversee their maintenance, or both.

With the new permissions model being deployed in the Ilios curriculum management platform, we have taken a different, hybrid approach: rather than relying on assigned roles to grant access to data, we determine permissions from the user's relationship to the data itself. A user associated with a dataset is given a role through the context of that data relationship, so that the role is derived from the interaction of user, data, and context rather than declared externally. The permissions matrix (and in turn the default "roles") is then produced by canvassing all the standard permutations of user interaction with the data.
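To make the idea concrete, here is an added illustration of a relationship-derived permission check. It is not Ilios code: the course / session / offering model, the relationship names, the permission matrix, and the downward-inheritance rule are all hypothetical and kept deliberately small. What it shows is the mechanism the paragraph describes: no role is stored on the user; instead the resolver canvasses how the user relates to the object (directly, or through the object's ancestors), and the matrix maps each relationship to the actions it permits. Because an offering has dates, a one-time instructor's access exists only while that engagement is active and lapses without anyone revoking a role.

```python
from dataclasses import dataclass, field
from datetime import date

# Constructed, simplified data model for illustration only; not the Ilios schema.
@dataclass
class Course:
    id: str
    directors: frozenset = frozenset()

@dataclass
class Session:
    id: str
    course_id: str

@dataclass
class Offering:
    id: str
    session_id: str
    start: date
    end: date
    instructors: frozenset = frozenset()
    learners: frozenset = frozenset()

@dataclass
class Model:
    courses: dict = field(default_factory=dict)
    sessions: dict = field(default_factory=dict)
    offerings: dict = field(default_factory=dict)

# Hypothetical permission matrix: (relationship, object type) -> permitted actions.
# A relationship held on a course flows down to its sessions and offerings;
# a relationship held on an offering stays on that offering.
MATRIX = {
    ("director", "course"): {"read", "update"},
    ("director", "session"): {"read", "update", "delete"},
    ("director", "offering"): {"read", "update", "delete"},
    ("instructor", "offering"): {"read", "update"},
    ("learner", "offering"): {"read"},
}

def relationships(user, obj_type, obj_id, model, today):
    """Canvass the relationships `user` holds to one object, including those
    inherited from the object's ancestors (offering -> session -> course)."""
    rels = set()
    if obj_type == "course":
        if user in model.courses[obj_id].directors:
            rels.add("director")
    elif obj_type == "session":
        course_id = model.sessions[obj_id].course_id
        rels |= relationships(user, "course", course_id, model, today)
    elif obj_type == "offering":
        off = model.offerings[obj_id]
        # Engagement on an offering is bounded by its dates: outside the window the
        # relationship does not exist, so the permissions it carries vanish with it.
        if off.start <= today <= off.end:
            if user in off.instructors:
                rels.add("instructor")
            if user in off.learners:
                rels.add("learner")
        rels |= relationships(user, "session", off.session_id, model, today)
    else:
        raise ValueError(f"unknown object type {obj_type!r}")
    return rels

def permissions(user, obj_type, obj_id, model, today):
    """Effective actions: the union over every relationship the user holds."""
    allowed = set()
    for rel in relationships(user, obj_type, obj_id, model, today):
        allowed |= MATRIX.get((rel, obj_type), set())
    return allowed

def can(user, action, obj_type, obj_id, model, today):
    return action in permissions(user, obj_type, obj_id, model, today)

def sample_model():
    """Constructed sample data: one course, one session, one single-day offering."""
    m = Model()
    m.courses["anatomy"] = Course("anatomy", directors=frozenset({"dr_dean"}))
    m.sessions["lab1"] = Session("lab1", "anatomy")
    m.offerings["lab1-a"] = Offering(
        "lab1-a", "lab1", date(2024, 9, 10), date(2024, 9, 10),
        instructors=frozenset({"guest_lecturer"}), learners=frozenset({"student1"}),
    )
    return m

if __name__ == "__main__":
    m = sample_model()
    for user, day in (("guest_lecturer", date(2024, 9, 10)), ("guest_lecturer", date(2024, 9, 11))):
        print(user, day, sorted(permissions(user, "offering", "lab1-a", m, day)))
```

Two properties of the example are worth noting. The guest lecturer can update the offering on the day they teach it, cannot touch the parent course at all (relationships flow down, not up), and loses the update right the next day without any administrator action. The flip side is that the instructor lists, learner lists and dates are now the security boundary: whoever can edit them is effectively granting access, so those edits deserve the same logging and review that role assignments would get under the conventional model.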

In this presentation, we will discuss how this model reduces the resource overhead of management, since it relies explicitly on published data context rather than external role assignment; how it also reduces risk, since overly permissive (or overly restrictive) roles need not be applied; and how the structure of the data itself provides the baseline foundation for user management. We will share the conceptual planning which helped develop this model, and show the applied matrix which governs data access in the platform.